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A data redirection system for redirecting user's data 
based on a stored rule set. The redirection of data is 
performed by a redirection server, which receives 
the redirection rules sets for each user from an 
authentication and accounting server, and a 
database. Prior to using the system, users 
authenticate with the authentication and accounting 
server, and receive a network address. The 
authentication and accounting server retrieves the 
proper rule set for the user, and communicates the 
rule set and the user's address to the redirection 
server. The redirection server then implements the 
redirection rule set for the user's address. Rule sets 
are removed from the redirection server either when 
the user disconnects, or based on some 
predetermined event. New rule sets are added to 
the redirection server either when a user connects, 
or based on some predetermined event. 
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CLAIMS 



(57)[Claim(s)] 
[Claim 1] 

A database including an item which makes each of two or more user ID correlate with a rule set only for [ each ] a user, 

A dial up network server which receives user ID from a user's computer, 

A redirection server connected to a network of said dial up network server and the public . 

It is an automatic data redirection system only for a user containing attestation and a fee collection server which are 
connected to said database, said dial up network server, and said redirection server. 

Said dial up network server transmits a temporary assignment network address for the 1st user ID to one of the 
computers of said user , and said 1st user ID to said attestation and a fee collection server. 

Said attestation and a fee collection server access said database, and a rule set and said temporary assignment network 
address only for said each user who correlates with said 1 st user ID are transmitted to said redirection server. An 
automatic data redirection system only for a user, wherein data turned to said public's network is processed by said 
redirection server according to a rule set only for [ said each ] a user from one of the computers of said user . 
[Claim 2] 

The system according to claim 1 by which said redirection server performs further control to two or more data which 
frequents said user's computer according to a rule set only for [ said each ] a user. 
[Claim 3] 

The system according to claim 1 by which said redirection server prevents further data which frequents said user's 
computer according to a rule set only for [ said each ] a user. 
[Claim 4] 

The system according to claim 1 by which said redirection server permits further data which frequents said user's 
computer according to a rule set only for [ said each ] a user. 
[Claim 5] 

The system according to claim 1 by which said redirection server redirects further data which frequents said user's 
computer according to a rule set only for [ said each ] a user. 
[Claim 6] 

The system according to claim 1 by which said redirection server redirects data from said user's computer to two or 
more addresses further according to a rule set only for [ said each ] a user. 
[Claim 7] 

The system according to claim 1 which said database item about said two or more user ID is made to correlate with a 
common rule set only for [ each ] a user. 
[Claim 8] 

A database including an item which makes each of two or more user ID correlate with a rule set only for [ each ] a user, 
A dial up network server which receives user ID from a user's computer, A redirection server connected to a network of 
said dial up network server and the public . In a system containing attestation and a fee collection server which are 
connected to said database, said dial up network server, and said redirection server, 

A stage of transmitting a temporary assignment network address for the 1st user ID to one of the computers of said 

user, and said 1st user ID to said attestation and a fee collection server from said dial up network server, 

A rule set only for [ said each ] a user correlated with said 1 st user ID, Said temporary assignment network address is 

transmitted to said redirection server from said attestation and a fee collection server. How to perform automatic data 

redirection only for a user including a stage of processing data turned to said public's network, from one of the 

computers of said user according to a rule set only for [ said each ] a user . 

[Claim 9] 

A method according to claim 8 of including further a stage which controls two or more data which frequents said user's 
computer according to a rule set only for [ said each ] a user. 
[Claim 10] 

A method according to claim 8 of including further a stage which prevents data which frequents said user's computer 
according to a rule set only for [ said each ] a user. 
[Claim 11] 

A method according to claim 8 of including further a stage of permitting data which frequents said user's computer 
according to a rule set only for [ said each ] a user. 
[Claim 12] 

A method according to claim 8 of including further a stage which redirects data which frequents said user's computer 



according to a mle set only for [ said each ] a user. 
[Claim 13] 

A method according to claim 8 of including further a stage which redirects data from said user's computer to two or 
more addresses according to a rule set only for [ said each ] a user. 
[Claim 14] 

A method according to claim 8 which you are made to correlate with a rule set only for [ each ] a user in which said 
two or more user ID is still more common, including further a stage which generates a database item about said two or 
more user ID. 
[Claim 15] 

It is an automatic data redirection system only for a user containing a redirection server currently programmed using a 
user's rule set correlated with a temporary assignment network address, 

At least one function in two or more functions used in order that said rule set may control data exchanged between said 
user and a public network is included, 

An automatic data redirection system only for a user, wherein said redirection server is constituted so that change of at 
least some said rule sets correlated with said temporary assignment network address may be enabled. 
[Claim 16] 

The system according to claim 15 constituted so that said redirection server may enable change of at least some said 
rule sets according to time. 
[Claim 17] 

The system according to claim 15 constituted according to data which said redirection server is transmitted to a user, or 
is transmitted by user so that change of at least some said rule sets may be enabled. 
[Claim 18] 

The system according to claim 15 constituted so that said redirection server may enable change of at least some said 
rule sets according to one or more locations which a user accesses. 
[Claim 19] 

Data transmitted by data in which said redirection server is transmitted to time and a user, or user. Or the system 
according to claim 15 constituted according to a certain combination of one or more locations which a user accesses so 
that change of at least some said rule sets may be enabled. 
[Claim 20] 

The system according to claim 15 constituted so that it may make it possible for said redirection server to respond to 
time, and to delete or restore said at least a part of rule. 
[Claim 21] 

The system according to claim 15 constituted so that said redirection server may enable deletion or restoration of at 
least some said rule sets according to data transmitted by data transmitted to a user, or user. 
[Claim 22] 

The system according to claim 15 constituted so that said redirection server may enable deletion or restoration of at 
least a part of said rule according to one or more locations which a user accesses. 
[Claim 23] 

Data transmitted by data in which said redirection server is transmitted to time and a user, or user. Or the system 
according to claim 15 constituted according to a certain combination of one or more locations which a user accesses so 
that deletion or restoration of at least a part of said rule may be enabled. 
[Claim 24] 

The user side connected to a computer by which said redirection server uses said temporary assignment network 
address. The system according to claim 15 by which said computer which has the network side connected to a 
computer network, and uses said temporary assignment network address is connected to said computer network via said 
redirection server. 
[Claim 25] 

The system according to claim 24 by which a command to said redirection server for changing said rule set is received 
said user side of said redirection server by one or more by the side of said network of said redirection server. 
[Claim 26] 

A rule set of a user made to correlate with a temporary assignment network address including an included redirection 
server and said user's rule set. In a system including at least one function in two or more functions used in order to 
control data exchanged between said user and a public network . 

While said user's rule set is freely made to correlate with said temporary assignment network address in said redirection 
server. How to perform data redirection only for a user including a stage of changing at least some said user's rule sets. 



[Claim 27] 

A method according to claim 26 of including further a stage of changing at least some said user's rule sets, or more 
according to one of data transmitted by data transmitted to time and a user, or user, and one or more of the locations 
which a user accesses. 
[Claim 28] 

A method according to claim 26 of including further a stage which responds or more to one of data transmitted by data 
transmitted to time and a user, or user, and one or more of the locations which a user accesses, and deletes or restores at 
least some said user's rule sets. 
[Claim 29] 

A method comprising according to claim 26: 

The user side connected to a computer by which said redirection server uses said temporary assignment network 
address. 

It has the network side connected to a computer network. Via said redirection server, said computer which uses said 
temporary assignment network address is connected to said computer network, and said method, A stage of receiving a 
command by said redirection server in order to change at least some said user's rule sets said user side of said 
redirection server or more by one by the side of said network of said redirection server. 



DETAILED DESCRIPTION 

[Detailed Description of the Invention] 
[0001] 

The field of invention 

concerning the field of Internet communication in more detail, this invention relates to the database for using the traffic 

of the Internet for carrying out redirection (redirect) and filter (filter) dynamically. 

[0002] 

The background of invention 

In the conventional system as shown in drawing L when the user of the Internet establishes connection with an Internet 
Service Provider (ISP), A user establishes a physical connection first between his own computer 100 and the dial up 
network server (called a dialing and a network server) 102, The dial up network server 102 is provided with its own 
user ID and password. A dial up network server sends user ID and a password to the next at attestation and the fee 
collection server 104 of ISP with a temporary Internet Protocol (IP) address for use by the user. Detailed explanation of 
IP communications protocol is indicated to "Internetworking with TCP/IP, 3rd ed., Douglas Comer, Prentice Hall, 
1995." 

These whole contents are included in this Description as a quotation. 

When inspecting user ID and a password using the database 106, attestation and a fee collection server. In order to 
enable the user to use an IP address temporarily which is assigned to the user by the dial up network server, an 
authentication message is sent to the dial up network server 102, it assigns with connection the next, and an IP address 
is recorded. When a user requires from the Internet 110 during this session via the gateway 108, this end user will be 
identified by a temporary assignment IP address always. 
[0003] 

Redirection of INTERNET traffic is performed about World- Wide- Web (WWW) traffic (traffic which will use HTTP 
(HyperText Transfer Protocol) if it states still more clearly) in most cases. However, redirection is not limited to WWW 
traffic but this idea is effective in all the IP services, a demand of the user who asks for a WWW page (typically html 
(HyperText Markup Language) file) in order to show how redirection is performed ~ being certain ~ others ~ the 
following example redirected to a WWW page will be considered. First, a user is a WWW browser (typically) by 
carrying out typing of the URL (universal resource locator), or clicking a URL link. It orders the software which 
operates on a user's PC to access the page on a remote WWW server. Please care about that URL provides the 
information about a communications protocol, the location (typically an Internet domain name or an IP address) of a 
server, and the location of the page concerned on a remote server. A browser sends a demand to a server and requires 
an applicable page of the next. Answering this user's demand, a web server sends the demanded page to a browser. 
However, a user's redirection starts, including [ therefore ] the html code ordered that this page requires other WWW 
pages of some kind of that browser. A browser requires the redirected WWW page of the next according to URL 
contained in the html code of the first page. Or redirection is able to be performed also by ordering to execute 
programs, such as a Java applet, to a browser, and coding a page so that this program may redirect a browser. One of 



the faults of the present redirection technology is a remote side, i.e., the WWW server side, I hear that control of 
redirection is not a local, i.e., user, side, and it has it. Namely, redirection is performed by the remote server and is not 
performed depending on a user's local gateway. 
[0004] 

It is possible by using a firewall device or other packet-filtering equipment in the past several years to filter the packet 
in an Internet Protocol (IP) layer. In order that filtering of a packet may carry out the filter of the packet which enters 
into a private network from the purpose of security, it is used in most cases, but when programmed properly, it is also 
possible to carry out the filter of the output packet sent to a specific address from a user. The type of IP service 
included in an IP packet is identified, and packet filtering can be filtered based on discernment of this. For example, the 
packet filter can judge whether a packet contains FTP (file transfer protocol) data, WWW data, or Telnet session data. 
This service identification is realized by identifying the terminal port number included in each IP packet header. The 
port number follows the standards of the industry, in order to realize compatibility between equipment. Packet-filtering 
equipment enables a network administrator to carry out the filter of the packet based on a source and/or destination 
information, and the type of the service transmitted within each IP packet. Unlike redirection technology, packet- 
filtering technology enables control by the side of the local of network connection, and enables control by a network 
administrator typically. However, since it is static, packet filtering is restricted dramatically. Once a packet-filtering 
rule is programmed by a firewall device or other packet-filtering equipment, the packet-filtering rule set up only by 
reprograming such equipment manually cannot be changed. 
[0005] 

Packet-filtering equipment is used with a proxy server system in many cases, and in order that this proxy server system 
may realize control of access to the Internet and may control access to WWW, it is used in most cases. In typical 
composition, a firewall device or other packet-filtering equipment carry out the filter of all the WWW demands from 
the local network to the Internet except for the packet from a proxy server. That is, a packet filter or a firewall prevents 
all the traffic sent out out of the local network connected to the remote server on the port 80 (standard WWW port 
number). However, such traffic by which this packet filter or firewall is sent and received to the proxy server (proxy 
server) approves. Typically, the proxy server is programmed with 1 set of addresses which must be prevented, and the 
packet to which it was forced to the prevented address is not transmitted. When a proxy server receives a packet, in 
order to acquire recognition, an address is inspected in contrast with a database. If the address is approved, a proxy 
server will only transmit the packet between a local user and the remote server of the outside of a firewall. However, 
the proxy server is limited to preventing or permitting access of the specific system terminal to a remote database. 
[0006] 

The latest system is indicated by US,5,696,898,B. The database (.) which this patent does not control [ an open data 
base or (when that is not right) ] with a specific specific IP address inside a firewall That is, the system similar to a 
proxy server which enables a network administrator to restrict accessing the information from WWW/Internet is 
indicated. According to this disclosure, this system has a relational database which enables a network administrator to 
restrict that a specific terminal or terminal group accesses a specific location. This invention is restricted like the proxy 
server. 

It is only possible to prevent or permit access of the terminal over a remote site. 

In order to change the location which a specific terminal may access, this system is also static (static) at the point that it 

is necessary to reprogram the rule currently programmed in the database. 

[0007] 

The outline of invention 

The principle which changes dynamically is created and enforced in this invention. 

Therefore, redirection of the specifying data traffic for a specific user according to the activity of the database entry and 
the user, inhibition, or permission is enabled. 

In the embodiment of this invention, if a user connects with a local network, user ID and a password will be transmitted 
to attestation and a fee collection server like the case where it is a publicly known system. User ID and a password are 
checked in the light of the information in an authentication database. A database also includes filtering according to 
individual corresponding to specific user ID, and redirection information. In the process of connection, a dial-up- 
networking server provides the IP address temporarily assigned to a user to attestation and a fee collection server. 
Subsequently, attestation and a fee collection server transmit all a user's momentary IP address, a specific user's filters, 
and redirection information to a redirection server. Since the IP address temporarily assigned to an end user uses it for 
connection with a network, it is returned to an end user. 
[0008] 



When it connects with a network, all the data packets transmitted and received among users will include the momentary 
IP address in the user's IP packet title. A redirection server by using the filter and redirection information fi:-om the 
attestation corresponding to the specific IP address, and a fee collection server, A packet is enabled to bypass a 
redirection server as it is, a request is prevented extensively, or a request is corrected according to redirection 
information. 
[0009] 

After a user ends connection with a network, a dial-up-networking server tells attestation and a fee collection server 
about that, and attestation and a fee collection server, A message is transmitted to a redirection server so that filtering 
and the redirection information corresponding to the momentary IP address of the user who ended connection may be 
removed. At this time, the dial-up networking can assign other users said IP address. In this case, attestation and a fee 
collection server retrieve a new user's filter and redirection information from a database, and a new user transmits them 
to a redirection server together with the same IP address to be used from now on. This new user's filter is not 
necessarily the same as that of the 1st user. 
[0010] 

DETAILED DESCRIPTION 

In the following embodiment of this invention, a reference number common to expressing the same component part is 
used. If the feature of one embodiment is included in single system, such component part is shared and all the fiinctions 
of a necessary embodiment can be achieved. 
[0011] 

Drawing 1 shows the typical Internet Service Provider (ISP) environment where it has an automatic data redirection 
system only for an intensive user. As a typical utilizing method of this system, a user uses the personal computer (PC) 
100 linked to a network. A dial-up-networking server (102), attestation and the fee collection server 204, the database 
206, and the redirection server 208 are used for this system. 
[0012] 

PC 100 connects with the dial-up-networking server 102 first. Although this connection is usually made using a 
computer modem, the communication line of a Local Area Network (LAN) or others can also be used. The dial up 
network server 102 is a means for forming a communication line between a user's PC 100 using a standard 
communications protocol. As a desirable embodiment, by using a point-to-point protocol (PPP), A physical circuit is 
established between PC 100 and the dial-up-networking server 102, from the list of usable addresses, one IP address is 
chosen and dynamic assignment is carried out at PC 100. However, it is also possible to carry out so that a different 
communications protocol from the above may be adopted and permanent residence assignment of the IP address may 
be carried out to PC 100. Each of dial-up-networking servers 102, PPP, and dynamic IP address assignment is publicly 
known. 
[0013] 

The attestation and the fee collection server (attestation and a fee collection server are called hereafter) 204 which have 
Auto-Navi equipment attest user ID, and permit or refiise access to a network. Attestation and the fee collection server 
204 are asked to the database 206, and user ID judges whether it is what justifies access to a network. If attestation and 
the fee collection server 204 judge that user ID is proper. Attestation and the fee collection server 204 receive the dial- 
up-networking server 102, Point so that an IP address may be assigned to PC 100, and the Auto-Navi equipment of 
attestation and the fee collection server 204 receives the redirection server 208, (1) the filter in the database 
corresponding to this user ID and redirection information, and (2) ~ transmit the IP address temporarily assigned for 
this session. An example of attestation and a fee collection server is indicated to US,5,845,070,B quoted in Description 
of this application for reference. The different attestation and fee collection server of a mode from this are also publicly 
known. However, these publicly known attestation and a fee collection server lack Auto-Navi equipment. 
[0014] 

The system described here operates based on the user ID given by computer. That is, a system "does not know" who the 
"user" who is facing to the keyboard of the computer which supplies user ID is. However, in many cases, the 
expression a "user" is used in order to express simply "the person which inputs into the computer which supplies 
specific user ID to a system" for detailed explanation. 
[0015] 

The database 206 is a relation database which memorizes system data. Drawing 2 shows one embodiment of database 
structure. In a desirable embodiment, a database includes the following field. That is, they are a user account number, 
the service (for example, e - mail. Telnet, FTP, WWW) with which each user was permitted or refiised, and the place 
where each user was allowed access. 
[0016] 



A mle set (mle set) is adopted by a system, and is peculiar for every user ID or user group. A rule set specifies a user's 
element or conditions about a session. The rule set can contain a stage, a method, etc. of correcting a rule set during the 
kind of accessible or impossible service, an accessible or impossible place, the shelf-life of a rule set, the conditions 
from which a rule set is removed, and a session. Since removal from a system is ensured, the longest shelf-life of a rule 
set can also be set up beforehand. 
[0017] 

Logically, the redirection server 208 is located between a user's computer 100 and a network, and manages access of 
the user to a network. The redirection server 208 performs all the central tasks of a system. The redirection server 208 
receives the information about the session materialized newly from attestation and the fee collection server 204. The 
Auto-Navi equipment of attestation and the fee collection server 204 asks a database the rule set which should be 
carried out a summary to each new session, and transmits a rule set and a quota IP address to the redirection server 208. 
The redirection server 208 receives an IP address and a rule set, performs a rule set about an IP address, and it is 
programmed to, perform the logic judging of the following accompanying for example. That is, it is checking a data 
packet, following a rule set, and preventing or permitting a packet, performing physical redirection of a data packet 
based on a rule set, and changing a rule set dynamically based on conditions. If the redirection server 208 receives the 
information about an end session from attestation and the fee collection server 204, the redirection server 208 will 
eliminate the information relevant to an unsolved rule set and session, the redirection server 208 is boiled every 
moment, and checks and eliminates a finished rule set again. 
[0018] 

In other embodiments, the redirection server 208 reports all or a part of session information to the database 206. This 

information is used for report creation or additional rule set creation. 

[0019] 

The feature outline of a system 

In this embodiment, specific IP service, for example, WWW, FTP, and Telnet can be restricted or permitted to each 
specific user. For example, even when access to WWW is possible for a certain user, access to FTP or Telnet is 
impossible. Edit a user's database record and the nAuto-Navi equipment of attestation and the fee collection server 204 
is received. By ordering a user's new rule set and this time IP address to transmit to the redirection server 208, a user's 
access can be changed dynamically. 
[0020] 

A user's access "can be locked" only at one place or 1 set of places. If the locked user is going to access other places, 
the redirection server 208 will redirect a user to a lack place. In this case, by acting as a substitute of a destination 
address, if the redirection server 208 is a case of WWW traffic, the redirection server 208 answers it to a user's request 
on a page including a redirection command. 
[0021] 

Based on time and other conditions, a user can also be periodically redirected to one place. For example, after 
redirecting to one place first regardless of the place which a user means, access to other places is allowed, but a user is 
automatically redirected to the first place every 10 minutes. The redirection server 208 performs such a rule set by 
setting up a rule set temporarily [ initial ] for redirecting all the traffic. If the place where the user was redirected is 
accessed, the redirection server 208 will replace a rule set with a user's standard rule set temporarily, or will remove a 
rule set from the redirection server 208 thoroughly. The redirection server 208 restores a rule set again after fixed time 
or variable time, for example, 10 minutes. 
[0022] 

The following steps are details of a typical user session. 

- A user connects with the dial-up-networking server 102 via the computer 100. 

- A user enters user ID and a password into the dial-up-networking server 10 using the computer 100 which sends 
information to attestation and the fee collection server 204. 

- Attestation and the fee collection server 204 ask the database 206, and check the validity of user ID and a password. 

- If a user's attestation is performed successfully, the dial-up-networking server 102 will complete a negotiation 
(negotiation), and will assign a user an IP address. In many cases, attestation and a fee collection server record 
connection on the database 206. 

- The Auto-Navi equipment of attestation and the fee collection server 204, (It is contained in the database 206) A 
user's rule set and user (assigned by dial-up-networking server 102) IP address, A redirection server can be made to 
carry out the filter of the user IP packet by transmitting to the redirection server 208 in real time. 

- The redirection server 208 programs a rule set and an IP address, and control a user's data according to a rule set (a 
filter, redirection, etc.). 



[0023] 

The logic of a typical user's mle set and accompanying and an example of operation are explained below. 

The rule set for a specific user (namely, user UserID-2), Access is allowed by only website .us.com, Telnet service can 

be received, and logic is as follows if it says that access from all the servers in xyz.com is redirected to www.us.com. 

[0024] 

The database 206 includes the following record of several one about user UserID-2. 
[Mathematical formula 1] 

ID UserID^2 
Password: secret 

m# Rule Set3 urn 

#service rule 
http www.us^com 
http * .xyz.com=>www,us.com 



expire 

0 

0 



[0025] 

- A user starts a session and transmits user ID and a password (UserID-2 and confidential information) to the dial-up- 
networking server 102. If user ID and a password are right, attestation and the fee collection server 204 will accept 
formation of a session to the dial-up-networking server 102. The dial-up-networking server 102 assigns an IP address 
(for example, 10.0.0. 1) to UserID-2, and transmits this IP address to attestation and the fee collection server 204. 
[0026] 

- The Auto-Navi equipment of attestation and the fee collection server 204 transmits a user's rule set and a user's IP 
address (10.0.0.1) to the redirection server 208. 

[0027] 

- The redirection server 208 programs a rule set and an IP address, according to this rule set, carries out the filter of a 
user's packet, and redirects it. In order to perform a rule set, the logic which the redirection server 208 adopts is as [ 
several 2 ] follows. 

[Mathematical formula 2] 

IF source IP-address ^ 1 0.0.0. 1 AND 

( ((request type HTTP) AND (destination address - www.usxom) ) OR 

(request type = Telnet) 
) THEN ok. 

IF source IP-address lO.O.OJ AND 

( (request type = HTTP) AND (destination address = *.xyzxom) 
) THEN (redirect - www,usxom) - _ _ 



[0028] 

The redirection server 208 monitors all the IP packets, and checks each packet in the light of a rule set. In this case, it is 

if IP address 10.0.0. 1 (address assigned to user ID UserID-2) tends to transmit the packet containing HTTP data (.). 

That is, if it is going to connect with the machine port 80 in a xyz.com domain, traffic will be redirected to 

www.us.com. by the redirection server 208. Similarly, a packet is prevented by the redirection server 208 if a user is 

going to connect with the service of those other than HTTP in www.us.com, or Telnet. 

If a user cuts logout or connection from a system, a redirection server will eliminate all residual rule sets. 

[0029] 



The logic of a typical user's mle set and accompanying and other examples of operation are explained below. 

After making a user access website www.widgetsell.comn first, if the rule set for a specific user (namely, user UserlD- 

3) says that it makes other websites access, it is as follows. [ of logic ] 

[0030] 

The database 206 includes the following record of several three about user UserID-3. 
[Mathematical formula 3] 

ID UserlDO 
Password : top-accrct 

U-UliilllJlMliliit nti itJi II n 

TTlrTtTrTtfTTttt It ti tt tJ ft TrtTrT 

m Rule Sets ### 

JJ— ZJ- J J .rr If rr rl II rr f ITt 77 IFTPfJff 

IrttTTttil trTTtTTtTTttfttt It IT 11 

^service rule expire 
http *=>www*widgetselLcom 1 x 



- A user starts a session and transmits right user ID and a password (UserID-3 and extra sensitive information) to the 
dial-up-networking server 102. If user ID and a password are right, attestation and the fee collection server 204 will 
accept session formation to the dial-up-networking server 102. The dial-up-networking server 102 assigns an IP address 
(for example, 10.0.0. 1) to the user ID 3, and transmits this IP address to attestation and the fee collection server 204. 
[0031] 

- The Auto-Navi equipment of attestation and the fee collection server 204 transmits IP address (10.0.0.1) of a user's 
rule set and a user to the redirection server 208. 

[0032] 

- The redirection server 208 programs a rule set and an IP address, according to this rule set, carries out the filter of a 
user's packet, and redirects it. In order to perform a rule set, the logic which the redirection server 208 adopts is as [ 
several 4 ] follows. 

[Mathematical formula 4] 

IF source IP-addres<: " 1 0.0.0. 1 AND 

(request type = HTTP) THEN (redirect = www.widgeisellcom) 

THEN SET NEW RULE 
IF source IP-address = 1 0,0,0, 1 AND 
(request type = HTTP) THEN ok, 

[0033] 

The redirection server 208 monitors all the IP packets, and checks each packet in the light of a rule set. In this case, it is 
if IP address 10.0.0. 1 (address assigned to user ID UserID-3) tends to transmit the packet containing HTTP data (.). 
That is, if it is going to connect with the machine port 80, traffic will be redirected to www.widgetsell.com. by the 
redirection server 208. As a result, the redirection server 208 can eliminate a rule set and the user can use a web freely. 
If a user cuts logout or connection from a system, a redirection server will eliminate all residual rule sets. 
[0034] 

Based on many other factors, such as a type etc. of the place accessed, a user can also be periodically redirected to one 
place the time consumed as an embodiment of further others at the number of the places accessed, and one place, for 
example. 
[0035] 

Excess of predetermined time will intercept a user's communication. Attestation and the fee collection server 204 
pursue a user's on-line time. If it is a prepaid member, it is easily manageable by attestation and the fee collection 
server 204. 



[0036] 

As an embodiment of further others, the rule set which the redirection server is using is correctable by using the signal 
from the Internet 110 side of the redirection server 208. Preferably, it is verifiable by using encryption and/or 
attestation whether the server or other computers by the side of the Internet 1 10 of the redirection server 208 are having 
correction of the rule set which is going to be corrected approved, this operative condition ~ or [ that an example / like / 
is answered to the questionnaire entries or the conditions in a specific website ] ~ or it is a case where a user must be 
redirected to this website until it is filled. In this example, a redirection server redirects a user to a specific website 
including questionnaire entries. If this website receives appropriate data in all the required columns, a website will 
permit excluding the redirection from the rule set of the user who has replied to questionnaire entries thoroughly to a 
question website to a redirection server. Of course, correction of the kind of others which the kind of correction which 
an external server can add to the rule set about a redirection server does not remain only in the abbreviation of a 
redirection rule, but are supported by redirection server which was mentioned above is also included. 
[0037] 

It can carry out so that, and service various type [, such as Telnet, FTP, and WWW, ] may be controlled (inhibition, 
permission, redirection). [ a person skilled in the art ] This invention is programmed easily adapted for new service or 
network, and is not limited to publicly known service and network (for example, Internet). 
[0038] 

It cannot be overemphasized that it is applicable also to the network of non-IP base which performs other address 
schemes, such as IPX and a MAC Address, by one side. Although the operating environment which explained the 
desirable embodiment in full detail is a case of ISP which connects a user to the Internet, it is possible to apply, also 
when access of the user to a Local Area Network, a Wide Area Network, etc. must be controlled. So, neither 
environment nor a communications protocol is limited only to the matter examined so far. 
[Brief Description of the Drawings] 

[Drawing l] It is a block diagram showing typical Internet Service Provider environment. 

[Drawing 2] It is a block diagram showing the embodiment of the Internet Service Provider environment where it has a 
concentration redirection system. 
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tuia^s^'-rT^vr-y:?" . >7 bv-^ -^-^^li. tufa J^- ^'t^ ^ > :x - co— o i:: jrti- 
JlII 1 (D^-^ I D tt^lE^ 1 I D(7?7t«^(7)— B^tii^T^ y W - T YVTs t 

m-r^Mtt^^^-^mmco^m'^y > tmris^^tiiaT^-y > v-^'t Kv;^t ^^mrieij 

^> 3 > • t ' f^jj^ L . tiff —^conyy^^-^ay^-D^-^ih tfrf ai^^c^ ^- y 
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m%Z¥4T)\'T -J-f • yv-"? • ^ - j3 J: y h V - ti^l^E 

ttlSJ--^'^ J > 1:1^- j^cT)— otijrj-j-Jg^ lfe 1 c^^-^f I D titles 1 C7)^-^f I Y)(T)fz 

m^M 9 ] 
m^m 1 0 ] 
m^M 1 1 ] 
m^m 1 2 ] 

¥4 f)ic-^tfW^j^8 icie«(75^-?io 
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[M« 1 4 ] 

m%'^. 1 5 ] 

1 6 ] 
[M« 1 7 ] 

mtM 1 8 ] 
1 9 ] 

f5Kl?tL&T'-:5', tfz\±^ a.-^i)^r^^7.-t^—^tfz\±-mML<nu^-'yBy<nmh 

2 0 ] 
[M*:®2 1] 

2 2 ] 

m-^M 2 3 ] 
m^M2 4] 
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m^M 2 5 ] 
m%M. 2 6 ] 

2 7 ] 

T ^ -b ;^ 1" ^ — o f (±^^<7) n ^ - 3 > (7)— oj^i: i:: J^; CT. ttTia^ ^ ^<r^mA ^ ^7 

m%M. 2 8 ] 

T^-b7;i-^-otfc (±^^(7) u^-y-ay(7^-^]>x}LV^]i^^x-. mi a^ - ^'c^miu 

[M« 2 9 ] 

hV-^^llfft^r^L. ttria— B#S!)^T^^7 bV-^T KVJ^ ^rf^ffl-T^mrfan > ti 
{ituia'J ^'-f V^'^^g > • ■9--/-?$r^SLTmiwa3>t;^-^'^--^7 b V - ti^M^ tiT 

*5 i9 > Htria:^ffi{i^ ? ^t'. iriau ^^'M ^> a > • ^t-^^^c7)ttia^-^^Mi: Htriau 

ii;-'^ < t ^j-§p^^^M-|-^fci6t3, mia'; va > • ^-/^i^ji^&^^^^it^ 
^>^m^^t^m%i$^2 6 icfaicc^^s^o 

[0 0 0 1 ] 

^-f y^^WjmK^) ¥^V7 Y (redirect) feJ:?J-7'f (f i 1 t e r) "T 
[0 0 0 2] 

x-/n/sx^' (ISP) t<7:)m^'^msL-ri>t^K^ ^-^■(±g^jjtcg^c7)3>tia.-^ 

10 0 1 3^'^ t;vT';^ -7° • ^y \v-7 • (V-^ TM^HiL • ^> y hy-^' • ^- 

. ^t-/-?! 0 2 l::i^(7)^-^f I Dt/'^7U- Vt^t^j^-t&o ^"-f T;^ 

T '7 -7° • ^-^ -7 b y - • a.-^f I D t/N°;^y- i&^-^ffi 

<Dfz^<7^—mm^£4y^~^yy':^^}^^}i^(iP) rvu^t^K^ i s p <^isfiE^3 j; 

fJ'W^^-/'? 1 0 4 icMSo I PMy"n b =rjK7)|#H^f5iH^{±, " I n t e r n e t w 
orking with TCP/IP, 3rd ed. .Douglas Comer 
, Prentice Hall, 1995" t-ifa® ? tLT^ I9 ^ ^ <7)|*]§^#^s;$:0j§|a^ 
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1 0 8 ^BffitT^ >^-^>'y h 1 1 0 LTM^^tf ^ t ^Kltv^^i:^^, i 
[0 0 0 3] 

^ h • Vyy-i y^<7^V ¥4 V^^y^ y\t^ 7-;VF7-r F^^:7* (WWW) 

^77'f^7^' P,lc0j§#lcJiE-i-2> HTTP (/>-r/N°^^^;^ hfeM7°n > ^ 

WWW h 7:7^ -7 ^lc|M^?aT*3f,-f\ ic^Mf±^Tc7)l P^- e'Xtc^^cd'C^So 
t'<7)J; ^ >5^^'tft5*ti);$i^'^^Tfcfel::. WWW-^--7 (MStlt^f*. h 

coft&(?:)WWW^->^~t::'J ^J^'-Y 1/^' M-i):^<^*f!l^#^-r^^i:l::-r-g>o ^-fS^Ut'. ^ 
-^"{*. URL (^^/t-^jv . ij v-;^ . n^r-^) ^ ^ -T^AifT-S) 5?)^U R L 'J V 

^^ij - ^tCjioT. WWWy^^^f (ftMetlt^ti. >:2--^f(^p C±-^W-1^i-i> 

y^h^j^T) i::^ 'J-t- bWWW-9--/-?ii(7)^-i7i;T^'-l:r;^i-S J: 9 t'if^^-r^o ift 
#ynhn;vt. ^j--/tc?5n^--> g > (||S6*jtif±. 4 y 9 ~n^y y r :^ 4 y'^^fz\t 

v=^7'9 7^1iK^'S>o b^^^L. :icD^-v(i^ ^c7)7'^i^^f ic#t,^^(7)4tc^WWW-^- V 

yi)%ht^o y^^^li. M^<7)^-y<^h tml VK^tfifzURLK 

L;t/5^'oT, l-'^' h ? ttfcWWW^->>"=^^^-r^o $)*VMi. JavaT-7V^7 

ytV 9'^ Vi; J; 9 tc-^-v^n- F<bi--2:. i t J: oT^j, U V^v-a yt^'j 

yco%mW)=^~ MliJi-^fc-^WWW^-^^^fi!)-e^!9^ n-*;vfl!)-r^;b*>^-+Pfl-e^ 
j^u^tv^^ i tT^^^o -ttii\^%. :^'-r V9 h^-z^l:: J:oT^T^^tt^ 

[0 0 0 4] 

- -^4fic7)^t;, 7r-<T7*-;vSM*^^t±^&(7)7>°^-:/ h 7 'J > ^^S^^'KiBi- 
ij ^ i: J; oT, ^y ^-%y yy'uyrDV ( i p) jgiiistj-ij^^"^ y h^o^-f 'J > 
^''^tT^ ^ iiT&Wtbt^oTv^^o btT)^^ ji^^^'j y^^'ti, V ■^'f f7)ge^j5^ 

^y y^y 4 }\y^-r^ ^ 4^ prt^-C^);&o ^-^"^^^ h ^-f 'J I F^'i^y }-\HK 

I P^^ ^^:^(D^^ y'^mML. ^tt(^fS55!lt;S^^v^T7 -f V y^^^yo ^ 
t-^mt^-^^^^o MxL(f\ hy^ }]y^lt. /-^yy b^5-pTP (7 r ^ ;^^3i7°n > 

-r-^. WWW-r-^. t7t(±> Te 1 ne t y y 3 y ^ "k^t^-^^t^^ 
W^-r-gj^ tT&Wt^-C^^o ^cD^-tf^ft^Ufi, #^(7) I P/-^^y h^y ViMK^tit 

, V-;^^3 Jit//* 7t(i^^'|f$gt#I Py-^^y h\H'^ii:^^n-:h^~}£7.<D^4 y'tK 
^■c>\y^X^^y hu-i'^m^^d^y-^^ y "h^y 4 }i^^-r&^t^'BIt^K-r:ho ') V4 V^y 
3 ^^^MTt (iiaoT. y^'ry \^y 4 il'9'}yf\m^\±^ ^> ^7 h y - ^^^(7)n - * ;HiJ-e 

^y yy^ }i^^vy^l±. B-^x^&fzibK. 4\^^KMlM^KX^^iho ^'^^y b7-f 
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[0 0 0 5] 

/-^^y j^i^'jyv^Uii. y'u^-y'ir-^^zyxi^J^t^K^^m^ti^:Ltt^^^<.. 
:^(Dy''a^^y^~/^iy7.y^2^{t^ y ^ -^y Y KM-t^T ^ ^T.^DM^'t^ML. WWW 

y 4 i]y^^i>o i-^t^^, ^^^y yy -i )v ^ ^fz\ty r ^ r ^ - > 8 o 

ttz\tyr-^ry^-)V\t. yfu^Z^^-r^ (proxy server) l'?!^^LT3iS 

-r A ^^c^ T -Ir =5- Ifiih ^ (ill^ HT-r ^ ^ 1 ? ttT i/^ S o 
[0 0 0 6] 

*iac7)v;^^A^^'7^S#ft»5, 6 9 6, 8 9 icr)#|^{d;, 7t 

fiJfP^nT'^T'-^-^-;^ {-f^£^%. WWW/^ > - h ) ;$^^(7)1t$^ti 

f ;^ - yt'^mT^o^ rn^-ZyByKT^~t7.-r^^t^^y YU-^ ^M^tim 

-rS'i;^^^^^^* tv^^.r^j-c. :ic7?v;^^A ^jgf-&5 (s t a t i c) "C^^o 
[0 0 0 7] 

■ ^-y Yu-^ tmm-r^ ^^^z^ x cornet mm' . ^-^^ i Dsaxzf^-^T.u- 
~y^^<Dm$ii'mhLr^^y ^ ^itz>o 7'-^^<~y^ii^^^~^^ i DKnjit^-r&MA 

^^jcoy^J^yf^'jy^UXZf'jr^ly^zysyiM^^ii^t^o ^li<7)aifmi3V^T. ^-^^ 
}Vryy°- ^-y bV-^ • ■^-/■^(ifSJiEjB J;CJ^~i^#^-/tir^tL. j:^-^l::-^atit'SiJ ^9 
mx I FT Vu:^^^m-r^o mMi^XV'm^'^-^^ii') ^y 3 y 

ya >'lf#c7)i-'^T$rM#i"'S>o ^y K • ^-^l^—mmKM^ hfi& I PT FVX 

^y hu-^' t<7^mm^'{^^^&f-^it). ^y V ■ ^~^'KMm^^&o 

[0 0 0 8] 
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[0 0 10] 



h^-e;^-7°n/t^ (ISP) WM.'^y^'to >r ct)^;^^ Ac75^M6^j^fOI9^'& 
t LT. hmmt^^^vny (PC) lOO^f^ffii-^o ^(^^/;^ 



PC 1 0 0 (±^T ^M'^;PT^7 7° -^^-^y YV-^ • ^-/^u 0 2 b^mrf^o ^(O^mt 
(LAN) tf^(i^c?5'ftfec7)ii#[l|^^fOM-r&it 'b-ei^.o T;VT^;' • ^-7 

;p (p p p) ^fOffl-r^&itt^ioT. PCI 0 0 t9'^\)^yTyy' ■ H-^y y^-^ • +^ 

-^t 1 0 2 tc^f^lctl3Ei&5ial'?^^m3Ab. f^Mnrt^^T KV;^c?)V;^ —OCT) IP 

T K^;^=^M^-ePC i o ot^^'^^^ ^7 ^^SiJiQ ^T-r«.o fflu. Jiisi: 

n b =r;v$:fifi;^^ L^ P C 1 0 0 l^M LT I P T YVT.^'^^M^ ^X-f^ i ^ K'^m-f^ 

^inrt^-e^^o ^M^jvT^7'7° • ^-^y . 02, ppp^j;y^~ 



Au t o-Na V i ^fi^^-|-^l?JiEJ5 (J.J,T, MiiE^s J; ^l^^^f-y^^t 

m^^-t^) 2 0 4 (i. a--^^ I D=^fgiiEL^ ^-^7 by-^^-\c^T^'-b:^'lr^pri ?t(i*g|fi 
-r^o ^JiE^3 J;0*^|S#^-^^'2 0 4(±7"-^'^^X2 0 S Kf^V^-^io'^X ^-^f I D^^' 
^^y YV~^^(r)r^^7.^sE^it-t^i^(r):h--}fn^''^'^'^\^'t^o ^) L. ISiiEis J: 
^-^■^2 0 4;^)^'J:--^f I D^MiEt4^lJS-r-S> t > fSJiEjS J; 2 0 4(±:r^-Y;V 

T^y:/ • 7 hy-^' • ^-z-? 1 0 2 li>Pf LT, P C 1 0 0 I' I P T KVX^tflV) ^T^ 
J: ^ ^^^L, glfiE*3 ctCJ^~li^^-/^^2 04(7)Auto-Navi ^W') ¥4V^Vuy 
• ^-/■^^2 0 8 I'MLT. (1) ^(Ty:i-~^lY)V^^]B-f^7-^-^^-7.^<r^-yA)\^^i^ 
XXI') ¥4 -iy\%^h. (2) it75-b^7->3 B#i^tci[1^5 ^5iTt)tL& I P 

L/^*g#ttai5, 8 4 5, 0 7 0^l::|aic$*T^TV^-g>o UM^&ltt^S'.WiE^ i 

XIW^^~/^^^^X^^^ lit. itl^<7)SMSHiEj3J;a=~iS#^-/^imA u t o-N 
a V i ^M^^^^^PLTV^So 



[0 0 0 9] 



[0011] 



[0 0 12] 



[0 0 13] 
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[0 0 14] 

:i :i KtK^^ ^yXy^J^li-. n > li ^ - 5^ J: o h ^^^-^ I D 

[0 0 15] 

tt\ e FTP, WWW) . ioXV. WT ^r;^ =^Bt ? *t 

[0 0 16] 

M^^;' h (rule s e t ) 7^?^'v-;^^i^t;J;oT$fiffl$*L, 
[0 0 17] 

V^^^y^y • ^t-/^^2 0 8 |^a6^Jt;(i^--fc^3>t;^-3^ lOOt^^^'hy 

0 8(i. mL<)&SLLfz^y^y ayKm-ri>mn'^mM^xrfM^^~^'^2 o d^e^^^M 

i-^o miiE^S J:i7if^^-/-?2 04 coAuto-Navi ^tL^ti^OffLv^-fe^y 

2 0 8 Km-ty y^xzrm^Bx i pt Fv:^&^iii-r^o v ^'-r v^'s^a > • ^-/-^ 

2 0 8 (i I PT VU7.idXZ/mWi^y y^^^L. I PT K V-;^ LTMIU^ h 
nr-r& t . miiJ-b h \z^'^\,^XT^~ 9 ■ y h <r)^mm '} Ui^^y^y ^^To i 

m^KM^^^^^xmrn-ty h^v^^^y^^Km.'^-r^^tx^i^o ')y^v 

^^y^y •^-/t2 0 8^^1SfiE*3j;C/i5^^-/^^2 0 4 ^^^. W:T^y y a yKm-ti>m 
m^^^-f^ t . ^) V V ^ y B y • ^- 2 Q ^ \t^m'^<DMm'ty ymi xi^ y y a 

y\z.m'^~t^^Wkmi:~t^^ ')¥^y^yBy-^~f^2^^\t^fz. ^^^j^n^^ 
^^(D^m^y y'^^:^y "7 m*-r^o 

[0 0 18] 

f&c^^Jfe^jTii. ij ^-^^ ^/ 3 > • 2 0 8 ^7 y a >1f $g.(^i-^T 1 7t \t—%l 
[0 0 19] 

^(T^^ife^jTii;, ^^^^(r>m'^^-'f\^%^X . P^-ii'^, ^Jx.«\ WWW> 

^liWWW^(7)T^'-trXf±BTt^'e=b> F T P ^ ;t y h-^(7)T^ -trXti^f nTt^T^^ 

^-^^c^^T'- ^-^-Xia^^S^L. |SfiE*3J;C/iS^+l--/^^2 0 4 c7)nAu t o-N 
av i^St::>ftLT. ^~^<DW\\^^^Wi'^^y ^^X'C^W^^.lVr VVT.^') 
yay- ^-/■?2 0 8^^Mi"^=t ^-^^-r&^tKX^X, a-~^(DT ^7^y^ ± 
^ y i^K^'M.-r^^ht^X^:k>o 
[0 0 2 0] 
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2 0 8;$^(^siMij-b^;' Y ^^-^v^w^^-f ^ o -^nnt.fz\m^n%. \ o^m. 

[0 0 2 2] 

• 1 0 0 ^^\^'^^-^i^^¥ 4 ^ )\'T -J y • ^--y • ^-^^^1 0 2 t 

• |S|iE*3 J; U^'iS^-t-/-? 2 0 4 tC'ltl^^-^S 3 > ti a. - 3^ 1 0 0 Offl LT. ^- 



• |SfiE*3 J:U^W^^-^'^^2 0 4 7" - ^ - ;^ 2 0 6 Kf^^'^^^io-^. J-^^^I Dia^ Xf/^ 

■ a,~^^com-$^t^J^^U^^'ir^f^i> t . ^^^-^ ^ )VT y y ■ y ~ 9 ■ ^-^t 1 0 2 t^^^ 
> (negotiation) $-^TL. ^--f I PT K l--;^ ^9 ^ 

• |S|iE*3 J;a^W^^^^^^2 04 c75Auto-Nav i ^fifi. {•r~i'^-7.2 0 6 t^-^ 
tfLX\^^^) ^-¥c^iiaiJ-tr-y h t . ^;i^T y :7° • -y > 7 - • 0 2 

i oTt[)i9 i^^Tf)^/^) ^-^f I p T Kv;^ h V T ;v ^ -e 'J v^y^y 

2 0 8 i t J; V? , 'J :^'-r v a > • ^-/t^^"a--^f I P/^"^ y y^y 

• ^'-r V^^v-a y • -^-7-^2 0 8 HMWi^y Vi^XZ/l PT FV;^=^yn^'9A LT. 
[0 0 2 3] 

#^^--^f (-r^£i^-ib. ^~^\J B e r ID-2) cotzi6comMi\^y ^^7^-^^ 
h. us. c omK'D^ri^^T.^W^^. •T}V^^y y • ^-li:^^^lf:h:iti)^r-^. 
xyz. c o mt;^3tt&i"'^Tc??'t?- — 7t;5%P,c?5T^' ■tjx.^twww. us. com'\Vr?'M 

[0 0 2 4] 

■r- 2 0 6 (±J^--ru s e r I D - 2 l::r^ LTTIE^^S: 1 <^fa^^-^tf o 

[mi] 
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ID 

Password: 



UserID-2 



secret 



m# Rule Sets 4^ 

jUm-H- HH -H H-ff-H-I MIH-H-M 

ttiT ft tf ft fiji U ft ft TTTT IT IT if H 



#service 
http 

htlp 



rale 

www.us.com 

* .j£yz.com=>www.us.com 



expire 

0 

0 



[0 0 2 5] 



I D *3 J: -U;-^7. y-K(UserID-2^J; U^^^W ^B^S-T-S^o ^-^f I D 4) 

1 0 2 l::^LT. (DWutL~km-^^o V4 J^^T y :/ • ^ y }■ U ~ ■ ^ 

0 2 (±U s e r I D - 2 I P 7 K 1^;^ (^Jx.«\ 10. 0. 0. 1) ^tfllQ 

[0 0 2 6] 

• MfiEjS J;0^1^#^t^^-^^2 04(7)Auto-Navi ^Sfi. ^-^'coMm^y h i:^- 
^'(Dl FT Vlyy. (10. 0. 0. 1) ly^y 3 y ■ ■^~/^2 0 SKm'B'ti'o 

[0 0 2 7] 

• V V^^yu y • ^-^■^2 0 8 \t^m^-y \-m^Xl\ PT rVT^^-fu^yJ^ LT. 



IF source IP-address = 1 0.0.0. 1 AND 

C ((request type = HTTP) AND (desilnation address - www.us,coin) ) OR 

(request type - Telnet) 
) THEN ok. 

IF source IP-address = 10.0.0.1 AND 

( (request type = HTTP) AND (destination address = ♦.xyz.com) 
) THEN (redirect www.us.com) 



i; V^yu y • ^t-/t2 O 8 li-r^X(D I Fr^^y t. MBi^y hKMh 

LX^MfKD^-^^ y J^^i^^y ^-r^o ^(^^^^ iiL I PT 1 0 . 0. 0. 1 

(^-^f ID UserID-2 Km^^rhfltzT KV;^) i^^T T P r~ ^^t^^^ 
^ y y^^^LX 0 t-t^ t (1-?i=b*>, xyz. c omV;^ 4 y\^c0^yy ■ 1- 8 
0 Km^LX V t-r^t) , h^y^ y^i±')V4y^yay -^-^^2 0 8 KX^Xw 
WW. us. c om. V4 h '^fl&o ^) L^^-^'^^^w w w. us. co 

mKi3if:hRTTPm^(D^~}^7ttiiiT}\^^^y hl^^^LJ:^ t^i>t. y hit 




[0 0 2 8] 



[0 0 2 9] 
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o.-'ifU s e r ID-3) ^fOsb'TymU'ty YtiK ^-^f^^T 
^ :iLy^ • hwww. widgetsel 1. c o m nKT ■^7.^^'Z-i}^h. \'^<0^ 

[0 0 3 0] 

r~9^~7. 2 0 6 (i^-^"U s e r I D - 3 I' LTTIEt^m 3 (^M^-^tf o 

ID UserID-3 
Password: top-secret 

IT If It ftllTTWiiti It ifff it llftfr 

im Rule Sets ### 

Itif'tf-ff-ft'ttttlfttftttftlt lift II 

#service rule expire 
http *=>www.widgetsell.C;am 1)£_ _ 

. ^-W-tr^7^^ 3 >=&P§^L^ lELV^^-^f I D^XZJ^^-^7.^~ K (U s e r I D- 3 
i3 J; o^^^il^'ltlR) ^^'^ ^;vT ^7 -7° • '7 b V- • -^--zt 1 0 2 tc}i#-r2.o I 
D ^)/^°;^7- F^>iELtttL«\ fggEiS J:2Jif^^-/'?2 0 4 ti^V^ )\^r y y° ■ h7 
• -9--/^^ 0 2 icMLT. -tr^y vg >fi!c3A=^IIii^:g>o ^ y ■ y h ^ - 

■ 0 2ii^-^lD 3KI PT m^i£. 10. 0. 0. 1) ^S!j^)^T 

. FT VVx^m$iEisXU'm^~^~^^2 O4ll3t#i--&o 

[0 0 3 1 ] 

• ISfiE*3 J:U^W^^^^"?2 04 c75Auto-Navi ^St±. ^-^cT^miU^r ^7 h t^- 
^'c?)IPTKV;^ (10. 0. 0. 1) ^')V-(\^^i^3y -^-^^2 0 SKm^-Ti^ 

o 

[0 0 3 2] 

^-^fc757N°^'7 b 'I'^lcoMlO-tr^^ h H#oT:7^ L. bi-^o MSiJ-ir-7 b 

[m4] 

IF source IP-address - 1 0.0.0. 1 AND 

(request type = HTTP) THEN (redirect = www.widgetseli.com) 

THEN SET NEW RULE 
IF source IP-address = 10.0.0,1 AND 
(request type = HTTP) THEN ok. 

[0 0 3 3] 

V4 ly^Z^a y • ^-7%2 0 8 (i-r-^T(7) I V v \.-^^:^^ b> hl'M^? 
LT^tL^^tc7)/N°y ~y ^'i-^.o icT^ii-^, L I PT KVX 1 0. 0. 0. 1 

(^-^f ID UserID-3 I'f !l i9 ^ T 5?)^ H T T P t^^- ^ ^-^^/n" 

> 9 '7 a^'-r V^'^^ 3 > • ^-/^^2 0 8 J: oTwww. widgetsel 1 

.com. ^'M V-^ h ?tL^o ^^1^:*^ U V'^'-^a ^ • ^-/-^2 0 8 {iMlU-tr 
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[0 0 3 4] 
[0 0 3 5] 

^'co^ ymm ^m%-rz>o y° v ^-r kiipa^^ h a. mmi^ x v^m^^ -^^204 

[0 0 3 6] 

^ hK^(r)m.M'WMt LT. V^l^^y ■ ^~r^2 O 8 co-f > ^^-^^ f l l O ffl 

h ^fllE-T'S - h ifiXh^o $f * L < \U Bt^<b^ J: fc{ifSiiE^^iJffl-ri> ^ i: H J: 
■oT. 'J V^'->'3 > • ^-/■?2 0 SoO-i' >^^-^^y b 1 1 Oi!|oo^-^-^f ;t{i#co=r 

iis-^t/#^'i'^y^ • ■'f-f ^'-r v-^^ y-t^o ^co^^-^ ■ ^4 ht^^-r^x 

[0 0 3 7] 

mm^\^\tm^^£Xn\^> -rJV^^yh. ftp, WWW^t\ ^^'S^^^ 7°c7)-9--H.x$r 
tUtP (ISih. itBl, 'J ^'-f V^'^^ 3 >) i--s> J; ^ t^*M1--2)ii:^^"e^-2)o :$^5&5f§ (iff L 

[0 0 3 8] 

^fc— IPX, MACT KV^^'^t^cTjJ: 9 7^{tllc7)T FV;^ • ;^^-A=^^tTi"'2># 
Ti^^L/c^^ffli^i^(i-:i— ^f^^ Mi^M-r-g^ I S P<7)J^'^-C^-S);^)5\ n-* 

[m<^ffi^'&i^0^] 

[mi] y 9 ~^^y y -^-e:^ • y^xn^^y^ yi^^T^T^-fyuy^^mx-^^a 
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